File eXchange Protocol
File eXchange Protocol (FXP or FXSP) is a method of data transfer which uses FTP to transfer data from one remote server to another (inter-server) without routing this data through the client's connection. Conventional FTP involves a single server and a single client; all data transmission is done between these two. In an FXP session, a client maintains a standard FTP connection to two servers, and can direct either server to connect to the other to initiate a data transfer. The advantage of using FXP over FTP is evident when a high-bandwidth server demands resources from another high-bandwidth server, but only a low-bandwidth client, such as a network administrator working away from location, has the authority to access the resources on both servers.
Risk
Enabling FXP support can make a server vulnerable to an exploit known as the FTP bounce attack, in which an attacker uses the PORT command to request access to ports indirectly, using the victim machine as a middle man for the request. As a result of this, FTP server software often has FXP disabled by default.
FXP over SSL
Some FTP servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands CPSV or SSCN. This normally works by the client issuing CPSV in lieu of the PASV command, or by sending SSCN prior to PASV transfers, which instructs the server to create either an SSL or TLS connection.
However, both methods, CPSV and SSCN, are susceptible to man-in-the-middle attacks, since the two FTP servers do not verify each other's SSL certificates. SSCN was first introduced by RaidenFTPD and SmartFTP in 2003 and has since been widely adopted.
Technical
Although FXP is often considered a distinct protocol, it is in fact merely an extension of the FTP protocol and is specified in RFC 959:

    User-PI - Server A (Dest)         User-PI - Server B (Source)
    ------------------                ------------------
    C->A : Connect                    C->B : Connect
    C->A : PASV
    A->C : 227 Entering Passive Mode. A1,A2,A3,A4,a1,a2
                                      C->B : PORT A1,A2,A3,A4,a1,a2
                                      B->C : 200 Okay
    C->A : STOR                       C->B : RETR
               B->A : Connect to HOST-A, PORT-a

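As an added example (not part of the original article and not taken from any FTP server's code), the following Python code shows the check a server can apply to the PORT argument in the exchange above to limit the bounce risk described under Risk: ordinary transfers must target the control connection's own address, and FXP is allowed only to listed partner servers. The function names, the fxp_partners allow-list, the reason strings and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' (PORT argument / 227 reply) into (IPv4Address, port)."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_port_command(arg, control_peer, fxp_partners=()):
    """Decide whether a PORT command is acceptable.

    control_peer: remote address of the control connection that sent PORT.
    fxp_partners: hypothetical allow-list of servers permitted as FXP targets;
                  empty means FXP is disabled, the default the article describes.
    Returns (allowed, reason)."""
    try:
        host, port = parse_port_arg(arg)
    except ValueError:
        return False, "malformed"
    if port < 1024:
        # Refuse well-known service ports as data-connection targets.
        return False, "privileged-port"
    if host == ipaddress.IPv4Address(control_peer):
        return True, "client"            # ordinary two-party transfer
    if host in {ipaddress.IPv4Address(p) for p in fxp_partners}:
        return True, "fxp-partner"       # third-party transfer to a known server
    return False, "third-party-refused"  # the bounce case

if __name__ == "__main__":
    # Constructed sample: client C at 198.51.100.7, Server A at 192.0.2.10.
    client = "198.51.100.7"
    for arg, partners in [
        ("198,51,100,7,195,80", ()),             # client's own address
        ("192,0,2,10,195,80", ()),               # Server A, FXP disabled
        ("192,0,2,10,195,80", ("192.0.2.10",)),  # Server A, allow-listed
        ("198,51,100,7,0,25", ()),               # port 25 on the client address
    ]:
        print(arg, partners, check_port_command(arg, client, partners))
```
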
See also
- File Transfer Protocol (FTP)
- Comparison of FTP client software
- List of FTP server software
- Trivial File Transfer Protocol (TFTP)
- SSH file transfer protocol (sftp), a protocol running over SSH
- FTPS, FTP run over SSL
- Simple File Transfer Protocol (SFTP), the historical protocol RFC 913